by olo-dot-io
Operations substrate for AI agents that use real software: 311 sites/tools, logged-in browsers, desktop apps, local tools, MCP, policy, evidence, AgentEnvelope v2, and self-repair.
# Add to your Claude Code skills
git clone https://github.com/olo-dot-io/Uni-CLILast scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Large numeric range defeats documented `max` DoS protection",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vitepress: Vulnerability found",
"severity": "medium"
}
],
"status": "PASSED",
"scannedAt": "2026-05-30T16:11:49.769Z",
"npmAuditRan": true,
"pipAuditRan": true
}Uni-CLI is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by olo-dot-io. Operations substrate for AI agents that use real software: 311 sites/tools, logged-in browsers, desktop apps, local tools, MCP, policy, evidence, AgentEnvelope v2, and self-repair. It has 147 GitHub stars.
Yes. Uni-CLI passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/olo-dot-io/Uni-CLI" and add it to your Claude Code skills directory (see the Installation section above).
Uni-CLI is primarily written in TypeScript. It is open-source under olo-dot-io on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh Uni-CLI against similar tools.
No comments yet. Be the first to share your thoughts!
Based on votes and bookmarks from developers who liked this skill
npm install -g @zenalexa/unicli
unicli do "find the Hacker News frontpage"
unicli extract https://example.com --max-chars 1200
unicli compute snapshot --app Calculator --format compact
npx @zenalexa/unicli mcp serve
| Agent problem | Uni-CLI answer |
|---|---|
| "What can control this?" | unicli search and unicli do turn intent into ranked operation plans |
| "Which boundary should act?" | Web, browser, desktop, subprocess, protocol, and visual substrates share one runtime |
| "Can I run it safely?" | permission profiles expose open, confirm, and locked execution modes |
| "What happened?" | every run returns an AgentEnvelope with data, context, retryability, and evidence hooks |
| "The path failed." | unicli delivery turns run evidence into diagnosis, next experiment, execution, and repair bounds |
| "Expose it to my agent host." | unicli mcp serve, ACP, native CLI, and JSON streams expose the same operation contracts |
The next software user is not only a person with a mouse. It is an agent with a task, a context window, a permission budget, and a need for evidence. Vehicle assistants work because navigation, media, climate, and driving assistance sit behind a bounded control surface. General computers need the same idea at larger scale: browser state, desktop apps, local tools, files, OS services, accessibility trees, screenshots, protocol servers, and website-specific paths must become one controllable environment.
Uni-CLI is that control surface. It is not a browser library, a computer-use VM, a natural-language shell, an MCP server, or a pile of site wrappers. Those are all useful substrates. Uni-CLI sits above them and turns agent intent into governed software action with an evidence receipt and a repairable path.
The platform combines pieces that usually live apart, but they are not separate product identities:
Every serious agent operation follows the same loop.
| Step | What Uni-CLI gives the agent |
|---|---|
| Intent | unicli search and unicli do map a task to candidate operations, args, auth mode, examples, and risk signals |
| Select | operation contracts choose the smallest boundary that can act: API, browser, desktop, subprocess, protocol, visual |
| Govern | open, confirm, and locked profiles block risky effects before requests, writes, or spawns |
| Act | the shared kernel invokes the selected substrate instead of forking wrapper-specific behavior |
| Observe | AgentEnvelope v2 returns data, context, retryability, timing, and evidence hooks |
| Diagnose | unicli delivery assess classifies failures as product drift, missing context, policy block, or upstream trouble |
| Repair | unicli delivery trajectory and repair-candidate keep the next experiment bounded by evidence |
| Deliver | evidence gates decide whether the objective is satisfied, still active, blocked, or exhausted |
| Expose | the same operation can be called by humans, agents, MCP clients, ACP clients, CI, and scripts |
| If you start from... | You usually get... | Uni-CLI makes it a substrate under... |
|---|---|---|
| Browser automation | powerful page control | operation contracts, auth posture, evidence, delivery, and repair |
| Computer-use sandboxes | screen, mouse, keyboard, and benchmark environments | the same agent-to-computer loop used by local apps, browsers, CLIs, and protocols |
| Natural-language local execution | flexible shell and code access | typed operation boundaries, policy, receipts, and reusable command contracts |
| MCP server collections | easy agent attachment but high resident tool weight | a compact search-first path plus MCP profiles when the host requires MCP |
| Per-app or per-site wrappers | deep access to one surface | one governed runtime across web, desktop, local tools, files, and agent protocols |
Uni-CLI treats the computer as the environment and each controllable boundary as a substrate. The substrate can be high-level and typed, or low-level and visual; the receipt remains the same.
| Layer | What it controls |
|---|---|
| Operation contracts | reusable actions with args, output shape, auth posture, safety metadata, source path, and repair path |
| Web and APIs | public, cookie, header, browser-intercept, download, upload, publish, extract, and search workflows |
| Browser sessions | CDP navigate/click/type/fill/select/wait/network/screenshot/snapshot/evidence |
| Desktop and OS | macOS apps, Accessibility refs, screenshots, clipboard, calendar, brightness, app actions, and local system s |